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BEST AVAILABLE COPY 



spam stoppers 



if the average user's mail is. 25 percent spam, tfrere must 
pe some very lucky people out there bringing the numbers 
idovvn, because our in-boxes are overflowing with it. 
py Brett Glass 



raagine this: You rev up your e-mail program, 
eager to read new messages from friends, rela- 
tives, coworkers, and that interesting mailing list 
you just joined. Instead, your in-box is littered 
with solicitations for porn sites, come-ons for 
pyramid schemes, and even messages urging 
you to make improbable sums of money by 
flooding other people's mailboxes. By the time you separate wheat 
from chail, you hardly have time to read, much less reply to, the- 
tnail you care about- Nothing will kill all your spam, but with the 
futilities and services that follow, you can take a big bite out of it. 

■WHAT IS SPAM ? Many spam fighters define spam as unso- 
licited commercial e-mail (UCR) — e-mail sent by a company that 
has no existing business relationship with you to get you to buy 
^something. The person on the street leans toward a broader 
definition; "solicitations or mass mailings I didn't ask for and 
Sdon't want " We agree. 

Ihow THEY FIND YOU How do spammers get your e-mail ad- 
dress? The answer is: however they caru Post to an online discus- 
sion, such as mailing lists Or Internet newsgroups, and spambnts, 
programs that scan for e-mail addresses, will grab yours. Or try 
jthis: join AOL (or create a new screen name) and enter a chat 



room. Then watch your pristine e-mail box be defiled by pom. 

Some online merchants may sell their mailing lists (Includ- 
ing your address), especially when they go belly-up. For exam- 
ple, former readers of The Industry Standard recently began 
receiving solicitations from AOL Time Warner. Apparently, the 
media giant had bought the publication's subscriber list. 

Finally, spammers collect addresses using viruses, worms, 
malicious code in Web pages, spyware hidden (n software, and 
other techniques that amount to tampering with your machine. 

W H AT NOT TO DO Never reply directly to a spammer or at- 
tempt to use a link or address they claim will remove you from 
their list. At best; your request will bounce; at worst, it'll let the 
spammer know your address is valid 

IF you want to complain, complain to the spammer's ISP. This 
requires that you either be technically savvy enough to analyze 
e-mail headers yourself, or have a good header-analysis tool 
such as Sam Spade for Windows ihttp^ Aamspade.org/sswA. 

Expert or not, you may want to use an abuse reporting system 
such as abuse. net's contact database (www.abuse.rtet/ 
contactJttml) to route your complaint to the right address. Be 
warned, however, that many ISPs — particularly those outside the 
U.S. — will ignore your complaints because of language barriers, 
lack of interest or lack of resources* You can also report spam to 
the Mail Abuse Prevention System, or MAPS (www.mail-abuse 
.org). MAPS cannot cut off a spammer's Internet service, but it 
can threaten to blacklist its addresses; then you can encourage 
your ISP to subscribe to MAPS's blacklists. 

DISPOSABLE E-MAIL ADDRESSES One way to cut down 
on spam is to create separate mail accounts for different mail 
types, such as personal maiL mail with e-commerce sites, mail- 
ing lists* and so on. The problem with this approach is that you 
have to check multiple accounts, and once an account starts 
getting spammed, you'll probably need to shut it down. An al- 
ternative is the disposable e-mail address (DEA). A DEA lets you 
send and receive mail using an alias that routes to a real 
e-mail account. Let's say you give a DEA to a company — call it 
SpatnKing.com -and then anything SpamKing.com sends you 
will come to your real e-mail via the DEA. If you don't tike the 




Client-Side Antispam Tools 



If your ISP or boss doesn't provide spam filtering but you're stffl 
Jed tip with spam, you may be able to use an antispam tool that 
works on the computer where you read your mail These tools let 
you toke mail matters into your own hands, blocking specific 
messages (or types of messages) that a company might be loath 
to block far everyone. 



JUNK SPY 

Junk Spy (with pattern updates 
for one year, $59; thereafter, 
$24 per year) Is the only cllent- 
slde antispam product in this 
roundup that operates as a 
; proxy, meaning it sits between 



your e-mail client and the 
server, acting In concert rather 
than as a competing client The 
upshot Is that you can have 
your regular e-mail software 
check mail automatically. Junk 
Spy tests incoming mail 



against a personal white list, a 
supplied database of patterns, 
and DNS blacklists. 

Junk Spy has the ability to 
destroy junk-mail messages 
before they're downloaded or to 
flag them. The latter Is recom- 
mended, because the former 
doesn't work with all e-mail 
clients. Flagging messages Is 
also preferable because It lets 
your mail program filter the 
flagged messages into a "prob- 
able spam*' mailbox, which you 



can check periodically for false 
positives. If you find a legiti- 
mate message In the folder, you 
can add it to the white fist. 

Though more accurate than 
most at detecting spam and 
relatively easy to set up (there 
are some TCP/IP tricks to 
master if you're running Nor- 
ton Antivirus or are tunneling 
e-mail sessions through Se- 
cure Shell). Junk Spy does have 
some significant limitations. It 
supports P0P3 only— not 
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E-MAIL 




mail you're getting from SpamKing.com— or whomever it sold 
your address to — just dispose of the DEA. 

Spamex ($9.95 per year, free trial available) generates DEAs on 
demand via a pop -up window in your browser. You can 
organize, add, and delete DEAs via Spam ex's Web-based inter- 
face, and the service automatically overwrites the From and 
Reply to addresses on your outgoing replies to the e-mail that 
arrived at a DEA, so recipients can't learn your real address. You 
can have multiple DEAsfunneling e-mail to a single real in-bc*. 
Message subjects coming in to your real in-box from a DEA can 
be modified to reveal the disposable address where each e-mail 
was sent, so when the spam starts pouring in, you simply can- 
cel the DEA— and know who sold your name. Multiple "rear 
addresses are allowed, and secure access via SSL is available. 
(ClicVU Inc. wwwApamex.com. ••••o) 

SpamCon Foundation ($15 per year) is a rebranded version of 
Spamex, with slightly different pricing and terms. Part of the fee 
goes to a nonprofit organization dedicated to fighting spam. 
(SpamCon Foundation, www.$pamcan.OTgfervkes/dea. •••••:•) 
Emailias ($19.95 per year, free trial available) offers similar 
features in a simple potnt-and-click interface. And like Spamex, 
Emailias has not achieved seamless integration with e-mail client 
software. (Emailias LLC, www^maiiiasjcom. ••••o) 

Sneakemail (free) was the first DEA service; virtually all the 
others have copied at least some features from it It's run 
on a shoestring by spam-fighting volunteers and 
is not as friendly to novices as Emailias or 
Spamex. The Web pages don't offer as 
much hand-holding as the best com- 
mercial DEA sites, and e-mail is the 
only way to get support if you run 
into trouble. Message sizes are 
limited to 80 K (anything larger 
bounces), including attachments, 
which pretty much rules out use of 
the service for business or even 
serious personal use. (Sneakemail, 
wwwsneakemaiLeom. •••oo) 

Like Sneakemail, SpamMoteUom is 
a free DEA service. Though the service is 



quite polished , its site is bu ggy an d crashes repeatedly until vr>ii 



accept its cookies. Although it can be operated 
entirely from its Web interface, SpamMoteLcom also offers some- 
thing unique a Windows program, which streamlines the use of 
the site for Windows users. SpamMoteLcom plans to introduce a 




VSSSJIKTBtTR^f^t^Wr^Sli continue to otter itsTasic^reese? 
vice (SpamMotel, www.spammotelcom. •••oc) 

A full-featured e-mail service that goes far beyond just DEAs, 
Mailshel (with domain registration, $34.95 per year; for existing 
personal domains, $24.95 per year; free trial available) provides 
Web mail, POP3 and IMAP access, forwarding, virus screening, 
and spam filtering. The premium service includes registration of 
a unique domain for your incoming e-mail under MailsheJl's 
name so that your personal information stays out of the Whois 
database. (Mailshell.com Inc, httpJ/maUshBlljcorn. ••••o) 

My Mail Oasis (free) is a Web-based e-mail service with filter- 
ing rules that may be useful to stop spam (though it doesn't let 
you select other tools, such as the MAPS blacklists). The service 
offers disposable e-mail addresses, but Oasis's disposal mecha- 
nism is cruder than others: In two clicks, you can change your 
address from, say, [nameJ@myrnaiioasis.com to [name]. 
1001@rnymailoasi$.com t Alas, this leaves behind not only 
spammers but also legitimate correspondents. 
The site does offer one interesting feature, the Super Opt-In, 
whereby the site— not an individual user— subscribes 
to online newsletters and then passes them on 
to users who want them. If you want off the 
list, you must contact Oasis, not the 
original sender. (Online Companies 
Inc., www.mymailoasisxx>m. ••ooo) 
The DEA service spamgourrnet 
(free) has a few interesting twists. 
Its disposable addresses normally 
expire after it receives a certain 
number of messages. (You can 
designate trusted senders, who you 
give e-mail addresses that won't ex- 
pire.) The service also has a unique 
no-brainer mode, where you don't have 
ask it to generate a DEA. Instead, you 



IMAP, AOL or Web-based e- 
mall. And for some reason the 
current version is not compat- 
ible with Netscape 6 (though 
it works with Netscape 4j0* 
Junk Spy can't convert your 
address book to a white list; 
you must do this manually. 
And Junk Spy does not include 
spa retracing tools or tools to 
aid you in filing abuse com- 
plaints. (Sundial Systems 
Corp., mvwjunkspy.com. 
•••oo) 



SPAM BUSTER 

Spam Buster (free; ad-free 
version, $13.95) works by 
checking your mailbox indepen- 
dent of your mail client and 
deleting messages that it 
recognizes as spam. It bases Its 
decision exclusively on a mes- 
sage's header and size, as 
returned by the POP's TOP 
command. Spam Buster does 
not have to download the entire 
message from your mailbox, 
which makes it faster than 



SpamKiller, and also prevents a 
server that removes mail once 
it's been retrieved from deleting 
mail that's been checked before 
you actually download It 

But since It looks only at the 
headers, the filter has less to 
work with and may give even 
more false positives. Given a 
mailbox containing 25 mes- 
sages (flone spam). Spam 
Buster misicterrtined 5 of them 
as spam. One had been sent by 
a user with a blacklisted® 



earth flnk.net address. Another 
was blocked, ironically, because 
the sender used a disposable 
e-mail address—the jumble of 
digits in the randomly generat- 
ed address triggered the filter. 
Spam Buster can work with 
servers that use POP, but not 
with AOL, IMAP, or Web-based 
e-mail services. 

Unfortunately, Spam Buster 
competes with your mail client 
for use of your mailbox and is 
thus subject to what program- 
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